Ransomware Attack on Kharafi Global by LockBit3

Company Profile

Kharafi Global is a professional support services company known for offering a wide range of services, including facility management, construction project support, and various value-added services. The company emphasizes its commitment to customer service and stability, backed by an experienced team of consultants and technicians. The registered company name is Al Kharafi Global General Trading & Contracting Co. WLL. Kharafi Global distinguishes itself with comprehensive service offerings that cater to various industries in Kuwait and the Middle East. The company's focus on facility management and construction project support sets it apart in the industry.

The exact size of the company is not explicitly mentioned in the available sources. However, given its diverse service offerings and presence in multiple industries, Kharafi Global is likely a medium to large-sized company. While the company's revenue is not publicly disclosed, Kharafi Global likely generates significant revenue from its diverse range of projects and clients, reflecting its well-established position in the market.

Ransomware Attack Overview

The LockBit3 ransomware group targeted kharafiglobal.com on May 27, 2024, at 7:07:18, resulting in a successful breach of the company's systems. Sample data was released, indicating the severity of the attack.

Ransomware Group Profile

LockBit3, also known as LockBit Black, is an evolution of the LockBit ransomware group. Known for its advanced and dangerous ransomware threats, LockBit3 employs techniques such as encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study.

LockBit3 utilizes advanced encryption and obfuscation techniques, is capable of lateral movement within networks, deletes traces of its presence to evade detection, operates under a Ransomware-as-a-Service (RaaS) model, and targets a wide range of organizations globally.

Company Vulnerabilities

Kharafi Global's extensive service offerings and large client base may have made it an attractive target for threat actors like LockBit3. The company's involvement in financial operations and valuable data management could have exposed vulnerabilities that the ransomware group exploited. The ransomware attack by LockBit3 on Kharafi Global led to the leak of sample data, indicating a significant breach of the company's systems. This incident underscores the sophisticated tactics employed by LockBit3 to infiltrate and compromise organizational networks.

Sources:

• VMware - LockBit 3.0
• SentinelOne - LockBit 3.0
• Trend Micro - LockBit Ransomware Group
• Times of India - LockBit 3.0
• Wazuh - Detecting LockBit 3.0 Ransomware